<?php
// Start (or resume) the session; $_SESSION['productbeheerid'] is stored in it further down the page.
session_start();
  // Presumably opens the MySQL connection that the mysql_* calls on this page rely on — confirm in db_connect.php.
  include('../include/db_connect.php');

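/**
 * Check the HTTP Basic credentials of the current request against the USERNAME table.
 *
 * Only rows with admin = 1 and status = 'act' can match, and the user name is
 * compared with BINARY (byte-wise, so case-sensitive).
 *
 * @return mixed The idUSERNAME of the matching row, or false when no credentials
 *               were sent, the query fails, or no row matches.
 */
function inDB(){
    // No credentials in the request: nothing to look up, and reading the
    // missing keys below would only raise notices.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return false;
    }

    // The user name comes straight from the client and is placed inside a
    // quoted SQL literal, so it has to be escaped first.
    // NOTE(review): escaping is only reliable when the connection charset is
    // set with mysql_set_charset() — confirm in db_connect.php.
    $user = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);

    // NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
    // password_hash()/password_verify() needs a change to the stored values,
    // which is outside this function.
    $password = md5($_SERVER['PHP_AUTH_PW']);

    $queryL = "SELECT idUSERNAME, gebruikers_naam, wachtwoord FROM USERNAME
                  WHERE BINARY
                  gebruikers_naam='".$user."'
                  AND
                  wachtwoord='".$password."'
                  AND
                  admin = 1
                  AND
                  status='act'";

    $resL = mysql_query($queryL);
    if ($resL === false) {
        // Fail closed and keep the database error text out of a response that
        // is sent before the client has authenticated.
        error_log('inDB: login query failed: '.mysql_error());
        return false;
    }

    $usR = mysql_fetch_array($resL);
    if ($usR === false) return false;
    return $usR['idUSERNAME'];
}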

// Run the credential check once; the page tests $usR === false further down to decide between the 401 notice and the admin view.
$usR = inDB();


?>
<style type="text/css">
div#noPermission{
margin-left:auto;
margin-right:auto;
text-align:center;
}
#noPermission a{
text-decoration:none;
color: #000000;
}
#noPermission a:hover{
text-decoration:none;
color: #ff0000;
}
#noPermissionImage a{
margin-top:-30px;
margin-left:auto;
margin-right:auto;
background-image:url('images_admin/icon_stop.png');
display:block;
width:512px;
height:512px;
text-decoration:none;
color: #000000;
}
#noPermissionImage a:hover{
margin-top:-30px;
margin-left:auto;
margin-right:auto;
background-image:url('images_admin/icon_stop2.png');
display:block;
width:512px;
height:512px;
text-decoration:none;
color: #ff0000;
}
</style>
<?php
// No Basic-auth user in the request, or inDB() rejected the credentials:
// send the authentication challenge and show the "no access" notice.
// NOTE(review): markup is already emitted earlier on this page, so these
// headers only take effect if output buffering is active — confirm.
if (!(isset($_SERVER['PHP_AUTH_USER']) && $usR !== false))
{
    header('WWW-Authenticate: Basic realm="Vul je gebruikersnaam en wachtwoord in"');
    header('HTTP/1.0 401 Unauthorized');

    // Notice with a link back to the public index page.
    echo '<div id="noPermission">',
         '<h1> U heeft geen authorisatie om hier te komen.</h1><br>',
         '<div id="noPermissionImage">',
         '<a href="../index.php"></a>',
         '</div>',
         '<h1> <a href="../index.php">Klik hierom terug te gaan naar de index site</a> </h1><br>',
         '</div>';
}
   else{
    //echo $usR;

?>
<script type="text/javascript">
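// Id suffix of the element that is currently shown (its id is "page" + current).
var current = "1";

/**
 * Show the element whose id is "page" + id and hide the one currently shown.
 *
 * @param {string} id Suffix of the element to show.
 * @returns {boolean|undefined} false when the DOM lookup is unavailable or the
 *     target element does not exist; otherwise nothing.
 */
function pageSwitch(id){
	if(!document.getElementById) return false;
	var div = document.getElementById("page"+id);
	// Unknown target: keep the current page visible instead of hiding it and
	// then failing on a null element.
	if(!div) return false;
	var curDiv = document.getElementById("page"+current);
	// The current element may be absent from the page; then there is nothing to hide.
	if(curDiv) curDiv.style.display = "none";
	div.style.display = "block";
	current = id;
}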
</script>
		<style type="text/css" media="screen"><!--
.hiddenDiv {
	display: none;
	}
.visibleDiv {
	display: block;
	border: /1px grey solid;
	}

--></style>
		<!-- Start of Page Header -->
	<?php include("include/admin_header.php"); ?>
		
	<?php include("include/admin_menu.php"); ?>

<?php
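	// Product detail/edit view: remember the selected product, apply a
	// submitted update, then render the edit form with the stored values.
	// NOTE(review): the update runs on any POST that carries "update". There is
	// no anti-CSRF token, and the browser attaches HTTP Basic credentials by
	// itself, so a per-session token check should be added to this form.

	// The product id is concatenated unquoted into SQL below, so force it to
	// an integer before it is stored or used.
	if(isset($_GET['id'])){
		$_SESSION['productbeheerid'] = (int) $_GET['id'];
	}
	$productId = isset($_SESSION['productbeheerid']) ? (int) $_SESSION['productbeheerid'] : 0;

	if(isset($_POST['update']))
	{
		// Every submitted field ends up inside a quoted SQL literal: escape
		// each one. Missing or non-string fields become empty strings.
		// NOTE(review): escaping is only reliable when the connection charset
		// is set with mysql_set_charset() — confirm in db_connect.php.
		$in = array();
		foreach (array('productnaam', 'orgineleprijs', 'productomschrijving', 'sub1', 'sub2', 'sub3', 'productkorting') as $field) {
			$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
			$in[$field] = mysql_real_escape_string($raw);
		}

		$updateproduct = "UPDATE  `m1_f4502769`.`PRODUCT` SET ".
		"`naam` =  '".$in['productnaam']."' ,".
		"`prijs` =  '".$in['orgineleprijs']."' ,".
		"`omschrijving` =  '".$in['productomschrijving']."' ,".
		"`sub1` =  '".$in['sub1']."' ,".
		"`sub2` =  '".$in['sub2']."' ,".
		"`sub3` =  '".$in['sub3']."' ,".
		"`korting` =  '".$in['productkorting']."' ".
		"WHERE  `PRODUCT`.`idPRODUCT` =".$productId;
		$updatequery = mysql_query($updateproduct);
	}

	$productQuery = mysql_query("SELECT * ".
	                            "FROM PRODUCT ".
	                            "WHERE `idPRODUCT` = ".$productId);

	if(!$productQuery) {
		// Keep the database error in the server log instead of the page.
		error_log('productbeheerdetail: product query failed: '.mysql_error());
		die("Query failed. Please try again later.<br>");
	}
	$productResult = mysql_fetch_assoc($productQuery);
	if($productResult === false) {
		// No such product: render the form with empty values instead of
		// indexing into false.
		$productResult = array();
	}

	// Stored values go into HTML attributes and a textarea, so encode them
	// for output (ENT_QUOTES covers both quote styles used below).
	// NOTE(review): htmlspecialchars() uses the configured default charset
	// here — confirm it matches the encoding of the page and the database.
	$view = array();
	foreach (array('idPRODUCT', 'naam', 'omschrijving', 'bestandsnaam', 'prijs', 'korting', 'sub1', 'sub2', 'sub3') as $column) {
		$value = isset($productResult[$column]) ? (string) $productResult[$column] : '';
		if($column === 'omschrijving') {
			// Wrap the raw text first so that escaping cannot be split by the wrap.
			$value = wordwrap($value, 50, " ");
		}
		$view[$column] = htmlspecialchars($value, ENT_QUOTES);
	}

	echo "<div id='main_content'>";
	echo "<div id='super_main_content'>";
		// Result of the update that was just attempted, if any.
		if(isset($_POST['update']))
		{
			if($updatequery === false)
			{
				echo '<td><p style="font-size:14px;color:#000000; text-align:center;">Dit product kon niet succesvol worden bwerkt. Probeer het nogmaals. Mocht het probleem blijven bestaan, neem contact op met de administrator</p></td>';
			}
			else
			{
				echo '<td><p style="font-size:14px;color:#000000;  text-align:center;"> Dit product is succesvol bewerkt</p></td>';
			}
		}

		echo '<form action="productbeheerdetail.php?id='.$productId.'" method = "POST">';
		echo '<br>';
		echo 'Productnummer: <input type="text" readonly size = "50" name="productnr" value="'.$view['idPRODUCT'].'"><br>';
		echo '<br>';
		echo 'Productnaam: <input type="text" size = "50"name="productnaam" value="'.$view['naam'].'"><br>';
		echo '<br>';
		echo 'Omschrijving: <br><textarea id="productomschrijving" name="productomschrijving" cols="50" rows="5">'.$view['omschrijving'].'</textarea><br>';
		echo "<img src='../images/producten/normal/normal_".$view['bestandsnaam']."'><br>";

		echo '<h6>Oorspronkelijke prijs: <input type="text" size = "10" name="orgineleprijs" value="'.$view['prijs'].'"></h6>';
		echo '<h6>Korting in procenten: <input type="text" size = "10" name="productkorting" value="'.$view['korting'].'"></h6>';
		echo '<h6>Subcategory 1: <input type="text" size = "30" name="sub1" value="'.$view['sub1'].'"></h6>';
		echo '<h6>Subcategory 2: <input type="text" size = "30" name="sub2" value="'.$view['sub2'].'"></h6>';
		echo '<h6>Subcategory 3: <input type="text" size = "30" name="sub3" value="'.$view['sub3'].'"></h6>';

	echo "<br>";

	echo '<INPUT TYPE="submit" name="update" value="Update dit product">';
	echo '&nbsp;';
	echo "<input type='button' value='Ga terug naar de vorige pagina' onClick='history.go(-1)'>";
	echo'</form>';
	echo "</div>";
	echo "</div>";
	echo "<div class='clearthis'></div>";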
?>


	<?php include("include/admin_footer.php"); 
}
?>
